Security and Smartness for Medical Sensor Networks in Personalized Mobile Health Systems

Transcription

1 Security and Smartness for Medical Sensor Networks in Personalized Mobile Health Systems I. Nikolaevskiy, D. Korzun, Andrei Gurtov Aalto University FRUCT 15

2 Motivation for Medical ICT Population gets older, high costs of medical care Insulin pumps, Implanted Cardio Defibrillators could be monitored remotely Threatening state of security in current medical devices Demonstrated remote triggering of heart shock How to combine security with limited hardware and battery capabilities? Secure Remote Monitoring of Personal Health Appliances (SEMOHealth) TRANSMITTER SENSOR IP RELAY

3 Two Related Devices for Diabetics Continuous Glucose Monitors (CGM) Small wire in tissue to measure electrical elements of fluid Graphs sugar values over time Transmits data blindly over wireless Better than urine tasting Insulin Pump Insulin delivered through tubing attached to body Tubing replaced every 3 days Special USB dongles used to program Insulin Pumps and download history data Devices not designed to be updated. No way of patching. 5+ year lifespan.

4 Both Devices Hacked by J. Radcliff Using patents and FCC specs Publicly available equipment Acquire root access to devices up to 30 m Requires finding out device serial number No built in security! Enabling logging gives out packet structure Currently some human participation is needed, in future Artificial Pancreas project will be bring CGM-pump automatic connection

5 Hacker Shows Off Lethal Attack By Controlling Wireless Medical Device Barnaby Jack has discovered a way to scan a public space from up to 300 feet away, find vulnerable pumps made by Minneapolis-based Medtronic Inc., and force them to dispense fatal insulin doses. Jack doesn t need to be close to the victim or do any kind of extra surveillance to acquire the serial number, as Jay Radcliffe did.

6 Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses Daniel Halperin, Thomas S. Heydt- Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, and William H. Maisel IEEE Symposium on Security and Privacy, May 2008 Demonstrated Attack on IMDs

7 Decoded Plain-text Communication Protocol

8 Demonstrated Attacks on Implanted Cardio Defibrillator

9 Medical Smart Space Architecture

10 Remote Monitoring Architecture Hybrid IPless/IP architecture based on Host Identity Protocol (HIP) Use of a mobile phone as a secure gateway for connecting personal devices to Internet Secure key exchange Trust management and revocation infrastructure Emergency access; Secure key storage; Preserving battery

11 Communication Channels

12 Properties of the Channels

13 Host Identity Protocol (HIP) in a Nutshell HIP Base Exchange (BEX) end-to-end key exchange protocol 4-way handshake (I1, R1, I2, R2 packets): Mutual authentication with DSA/RSA signatures Protection against DoS with puzzles Key exchange with Diffie-Hellman (DH) HIP Diet Exchange (DEX) is a lightweight version No signatures fixed Elliptic curve DH (ECDH) keys are used instead No hash functions

14 Basic HIP uses heavyweight RSA/DSA cryptography Association establishment can take up to a second even on regular PC Small devices have very restricted capabilities The use of Elliptic Curve Cryptography (ECC) is almost mandatory Duration of HIP Base Exchange (BEX)

15 Security Properties of ECC and HIP BEX ECC offers same cryptographic strength with almost order of magnitude less space HIP BEX requires signature operations and Diffie-Hellman key exchange

16 HIP Diet Exchange (DEX) Four-way handshake protocol proposed by Robert Moskowitz Packet size [40, 216) Fragmentation needed Security primitives: Puzzle ECDH AES encryption CMAC

17 Security analysis of HIP DEX Protection against six attack models Radio jamming: None Packet DoS attack: Puzzle Replay attack: Nonce + CMAC Spoofing/Sybil attack: Password authentication Message eavesdropping: AES encryption Man-in-the-middleware/wormhole: ECDH

18 Proposed Authentication Protocol HIP DEX + implicit certs

19 Smart M3: Knowledge Processors&Semantic Information Brokers

20 Knowledge Processors in Medical Smart Space

21 Device Characteristics

22 Processing Time and Energy Consumption of Protocol Messages Typical LR44 battery capacity of 150 mah will be enough for more than 20,000 handshakes.

23 Standardization Status New Task Group IEEE Key management protocol for and.7 links HIP DEX, IKEv2, PANA, etc Best Current Practice specification are expected within a year Internet Engineering Task Force (IETF) Standards-track HIP RFCs Developing DEX New WGs: DICE, ACE Internet Research Task Force (IRTF) Published HIP experiment report Related work on Internet-of-Things

24 Conclusions Designed an integrated system consisting of medical sensors, terminal readers, smart space processors Using state-of-the-art security protocols ECC Support of implicit certificates in HIP Diet Exchange (HIP DEX) Prototyped using Telos B sensors Secured interactions within Smart M3 system